cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

79
Views
0
Helpful
1
Replies
Highlighted

ISE Remediation Zone Proviosing on Wireless

Dear All,

I am new to ISE and we are deploying ISE 2.3 in our environment. We have an employee SSID on which we are trying to do posturing.I have following queries:

1. If a client is not compliant  then is it possible to put that client in a remediation zone/quarantine zone where he will first remediate by updating critical updates from SCCM and some other policies. Will that client have a separate subnet in remediation zone? How to achieve this?

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ISE Remediation Zone Proviosing on Wireless

Yes this is possible by returning in an authorization profile the name (preferred) or number of another VLAN

https://supportforums.cisco.com/t5/aaa-identity-and-nac/ise-authorization-profile/td-p/2025137

Recommendation is to use Scalable group tags and segmentation instead of VLAN changes.

View solution in original post

1 REPLY 1
Cisco Employee

Re: ISE Remediation Zone Proviosing on Wireless

Yes this is possible by returning in an authorization profile the name (preferred) or number of another VLAN

https://supportforums.cisco.com/t5/aaa-identity-and-nac/ise-authorization-profile/td-p/2025137

Recommendation is to use Scalable group tags and segmentation instead of VLAN changes.

View solution in original post